Lucene search
+L

254 matches found

Tenable Nessus
Tenable Nessus
added 2003/05/21 12:0 a.m.19 views

Horde Turba status.php Path Disclosure

There is a flaw in the file 'status.php' of this CGI which may allow an attacker to retrieve the physical path of the remote web root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 17 May 2003 13:18:59 -0000 From: Lorenzo Manuel Hernandez Garcia-Hierro To:...

5.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/05/09 12:0 a.m.22 views

PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite

The remote host has the cgi 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref:...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/06 12:0 a.m.110 views

thttpd Host Header Traversal Arbitrary File Access

The remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to '../../'. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11576; scriptversion "1.18"; scriptcveid"CVE-2002-1562", "CVE-2003-0899";...

9.8CVSS5.4AI score0.21679EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2003/04/29 12:0 a.m.25 views

IdeaBox include.php ideaDir Parameter Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using ideabox. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date:...

6AI score
Exploits0References1
securityvulns
securityvulns
added 2003/04/21 12:0 a.m.35 views

[NT] BadBlue Arbitrary Administrative Actions Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...

1AI score
Exploits0
CERT
CERT
added 2003/04/17 12:0 a.m.33 views

Buffer Overflow in mod_ssl

Overview A buffer overflow exists in modssl. Description modssl is an Apache module that allows secure connections over X.509 authenticated channels. A buffer overflow exists in the sslcompatdirective function. For more detailed information, please see the original vulnerability report. --- Impac...

7.8CVSS7.8AI score0.011EPSS
Exploits0References4
securityvulns
securityvulns
added 2003/04/05 12:0 a.m.28 views

@(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function

//@ Mordred Security Labs advisory Release date: April 1, 2003 Name: Integer overflow in PHP arraypad function Versions affected: all versions Risk: average Author: Sir Mordred [email protected] I. Description: PHP is a widely-used general-purpose scripting language that is especially suited for...

1.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/04/04 12:0 a.m.25 views

Microsoft FrontPage Unpassworded Installation

The remote web server appears to have FrontPage Extensions installed with incorrectly set permissions. A remote attacker could exploit this to modify web pages on the server. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11455; scriptversion "$Revision: 1.21 $";...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/28 12:0 a.m.30 views

E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using E-Theni. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From:...

6.8CVSS6AI score0.04836EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2003/03/25 12:0 a.m.46 views

PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure

source: https://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances. It should be noted that this...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/03/25 12:0 a.m.24 views

SimpleChat Information Disclosure

It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/17 12:0 a.m.75 views

Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)

The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. Note that Nessus solel...

5CVSS5.5AI score0.17413EPSS
Exploits8References3
Exploit DB
Exploit DB
added 2003/02/19 12:0 a.m.54 views

cPanel 5.0 - &#039;Guestbook.cgi&#039; Remote Command Execution (1)

// source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerabili...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/02/09 12:0 a.m.10 views

Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion

Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/01/02 12:0 a.m.26 views

N/X Web Content Management System 2002 Prerelease 1 - &#039;menu.inc.php?c_path&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/11/18 12:0 a.m.348 views

LiteServe HTTP Service Malformed URL Decoding Remote DoS

The remote web server does not respond after it receives a URL consisting of a long string of '%' characters. Note that if the web server is protected with some sort of Intrusion Prevention Systems IPS, this may be a false-positive. C Tenable Network Security, Inc. Affected: Webseal 3.8 unconfirm...

5.5AI score
Exploits0
NVD
NVD
added 2002/08/29 4:0 a.m.18 views

CVE-2002-1353

LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst...

5CVSS6.6AI score0.01388EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/07/15 4:0 a.m.24 views

CVE-2002-0686

Buffer overflow in the search component for iPlanet Web Server iWS 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter...

7.9AI score0.04298EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2002/06/20 1:22 p.m.6 views

Moderate: Red Hat Security Advisory: apache security update for Stronghold

The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked...

7.5CVSS6.1AI score0.95027EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2002/06/05 12:0 a.m.38 views

JRun Multiple Sample Files Remote Information Disclosure

This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as...

6.4CVSS5.6AI score0.02512EPSS
Exploits0References3
Rows per page
Query Builder